From: [^B@23andme.com] 



Subject: Re: media request 

1. Where do the majority of your profits come from? 

As a privately held company, 23andMe does not share these types of business metrics or 
financial information. 

2. How can you guarantee that information that is supposed to be private won't be 
used in yet-to-be-invented ways? 

23andMe takes seriously the trust customers place in us. We implement physical, technical, and 
administrative measures to prevent unauthorized access to or disclosure of customer 
information; to maintain data accuracy; to ensure the appropriate use of information; and 
otherwise safeguard customers’ information. These measures include encryption of customer 
information both at rest and in transit. We also limit access to information to only essential, 
authorized personnel, based on job function and role. 23andMe access controls include 
multi-factor authentication, single sign-on, and strict least-privileged authorization policy. 


3. What is the extent of your dealings with third parties ie police or pharma including 
GSK [GlaxoSmithKline]? 

Beyond the private lab we work with to process your sample and deliver your results, your 
information will not be shared with any other entity unless you provide us with consent to do so. 

If you opt in to research, which requires a separate consent and is completely voluntary, your 
de-identified genetic information, stripped of any personally identifiable data, may be used for 
research purposes. The analysis of that information in aggregate form - meaning among many 
others' de-identified information - may be shared with third party researchers to advance 
knowledge of disease and inform potential treatments. For example, summary information may 
include a statement that "30% of males aged 35-65 have reported being diagnosed with 
Parkinson’s disease and have certain genetic variants/mutations in common," without providing 
any data or testing results specific to any individual person. Analysis is done in-house by 
23andMe scientists - our collaborators do not have access to our database. You can find 
examples of third parties we work with on this page: https://www.23andme.com/research/ . All of 
our research is overseen by an independent third party known as an Institutional Review Board, 
to ensure all ethical and legal standards are being met. 





Re: law enforcement, it is 23andMe policy to challenge law enforcement requests. To date 
23andMe has not shared any information with law enforcement agencies. We publish this 
information in our Transparency Report: https://www.23andme.com/transoarencv-report/ . 


4. What happens to DNA info if 23andMe is bought or goes out of business? 

Our customers’ information will remain subject to the policies within our Privacy Statement. 
Customers have the option to delete their 23andMe account and personal information within 
their Account Settings at any time. Once a customer’s account is deleted, all associated 
personal information is deleted and any stored samples are discarded. 


5. You guarantee privacy to the test-takers, but what about the families of those 
people who are not testing but become part of the web anyway? 


Our DNA Relatives tool does help people find and connect with participating genetic relatives. 
It’s important to note that DNA Relatives is completely optional, meaning customers must 
actively choose to participate. We do let customers know they may learn life changing 
information by using the DNA Relatives tool, and we urge customers to be thoughtful about 
the information they share. 

6. Does this industry need external regulation? Why not? 

Our product is regulated differently in different markets. In the US we are regulated by the FDA, 
and are the only direct-to-consumer company with FDA-authorized genetic reports. In areas 
where regulation may be lacking, 23andMe along with other leaders in the industry worked with 
a non-profit third party, the Future of Privacy Forum, to publish industry-wide best practices. We 
also have a Global Quality Management System in place that applies to our product across all 
markets in which 23andMe is available. 

7. Do you sell or in any way share users DNA? 

See above. 

8. Isn’t one of the main reasons people use your service is to be matched with 
family? So if users opt to keep your DNA results private they won’t be matched. So is it 
correct that very few users select to keep their DNA results private? 



There are a number of reasons why people choose to take a DNA test, and many people do 
opt-in to our DNA Relatives tool. Our customers regularly share their compelling stories with 
us about what they learned from their 23andMe results -- whether it’s to connect with new 
family members, filling in major gaps in their family tree, or to learn more about potential 
health risks. We have deliberately built our reports so people can explore them in a way they 
are comfortable. 
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